
Remote authentication and transaction signatures

A transaction signature and remote authentication technology, applied in public key infrastructure trust models, instruments, data processing applications, etc. It addresses the problems that static passwords are insufficient and that building a public key infrastructure is complex and therefore expensive when compared to competing security technologies, with the effect of reducing the cost of using a public key infrastructure.

Status: Inactive
Publication Date: 2011-04-19
Assignee: ONESPAN NORTH AMERICA INC
43 Cites, 40 Cited by

AI Technical Summary

Benefits of technology

"This patent describes a method and apparatus for generating one-time passwords (OTPs) and transaction signatures (MACs) with the private key already present on a PKI-enabled smart card or similar device, using the card's own asymmetric cryptographic algorithm. The input to the private-key operation is a dynamic value built from variable elements such as time, a counter, a challenge or transaction data. The OTP or MAC derived from the result is significantly shorter than the cryptogram produced by the private key, so it can be shown on a small display and typed by the user. The private key stays on the smart card, which communicates with a reader; the method can be performed by a combination of a smart card reader and a computing device equipped with suitable software. The patent also describes various alternatives and variations of the method."

Problems solved by technology

In the last couple of years it has become evident that static passwords are not sufficient and that more advanced security technology is required.

Apart from the advantages, there are also some disadvantages associated with PKI and the smart cards carrying the PKI keys and certificates:

a. Building a Public Key Infrastructure is generally quite complicated and therefore expensive when compared to competing security technologies.

b. PKI is inherently limited to environments and applications where there is a digital connection between clients and servers. In other words it is unsuitable for telephone banking or other delivery channels where it is not possible to provide a digital connection between the container of the PKI certificate and private key on the one hand and an application server on the other hand.

c. PKI smart cards do not have a power supply or a user interface. This reduces the mobility of the user (many PCs are not equipped with smart card readers). It also presents a security problem: all user interaction (such as approving a signature or capturing the card's PIN) is done on the inherently insecure PC.

Many PKI-enabled smart cards don't support symmetric cryptographic operations or, if they do, have never been personalized with an individual symmetric secret key, so they cannot simply be used as conventional OTP or MAC tokens. (In practice, the validation of an OTP or MAC is often somewhat more convoluted if the strong authentication algorithm is time-based or counter-based, due to synchronization issues.)

Validating a conventional PKI signature can only be done successfully if the signature itself is in its entirety available to the validating entity. The decryption of an incomplete signature would only result in meaningless data that cannot be compared with the input data that were supposed to have been signed. This condition cannot be fulfilled in practice when small hand-held unconnected smart card readers are being used: given that a typical PKI signature size is in the order of 100 bytes, the display of these readers is far too small to display a full signature, and it is in any case totally unrealistic to expect a user to manually transfer a 100-byte value from the reader's display to a PC without making a single mistake.




Embodiment Construction

[0129] Important components of embodiments of the invention are illustrated in FIG. 12 as including a smart card reader 20 (or simply reader) and an authentication server 30 (or simply server).

[0130] At a minimum the reader 20 includes an interface 28 to accept a smart card and a power supply 27. Some readers also include one or more user operable buttons or keys; this is represented in FIG. 12 by the keyboard 25. As used herein, a user inserts a smart card into the smart card interface 28. As a consequence of some operation carried out by the reader 20, information is generated by the reader. That information may be a One-Time Password (OTP). If transaction data is input to the reader, the information which is generated may include a signature such as a MAC. The output information may be presented on a display, such as the display 26. Alternatively the reader may be digitally connected to a network. In that event the information may be presented to another entity also connected to the ...
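The two points made above (a PKI signature of 100 bytes or more cannot be validated from a fragment, and the reader therefore shows a short OTP or MAC derived from the card's full cryptogram over a dynamic input) can be made concrete with the following Go program. It is an added illustration written for this page, not code from the patent or from OneSpan. The card is modelled by an in-memory RSA key applied with PKCS#1 v1.5 (a deterministic signature scheme), the dynamic input is assumed to be a challenge plus transaction data, and the reduction of the cryptogram to an 8-digit code is assumed to be SHA-256 followed by HOTP-style dynamic truncation; none of those specifics is taken from the patent text.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// u32 is a 4-byte big-endian length prefix used to frame the dynamic input.
func u32(n int) []byte {
	var b [4]byte
	binary.BigEndian.PutUint32(b[:], uint32(n))
	return b[:]
}

// dynamicInput builds the value the card will sign. Assumption (not from the
// patent): challenge and transaction data are length-prefixed and concatenated,
// so that no two (challenge, data) pairs map to the same byte string.
func dynamicInput(challenge, txData []byte) []byte {
	buf := make([]byte, 0, 8+len(challenge)+len(txData))
	buf = append(buf, u32(len(challenge))...)
	buf = append(buf, challenge...)
	buf = append(buf, u32(len(txData))...)
	return append(buf, txData...)
}

// cardSign stands in for the PKI smart card: it only applies its RSA private
// key (PKCS#1 v1.5 over SHA-256) to whatever the reader feeds it. It holds no
// symmetric key, which is the constraint the patent works around.
func cardSign(cardKey *rsa.PrivateKey, input []byte) ([]byte, error) {
	digest := sha256.Sum256(input)
	return rsa.SignPKCS1v15(nil, cardKey, crypto.SHA256, digest[:])
}

// verifyFullSignature is the ordinary PKI check. It needs the whole
// cryptogram; a fragment that fits on a reader display will never pass.
func verifyFullSignature(pub *rsa.PublicKey, input, sig []byte) bool {
	digest := sha256.Sum256(input)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// deriveOTP reduces the full cryptogram to a short decimal code. Assumption:
// SHA-256 of the cryptogram, then the dynamic truncation of RFC 4226 s.5.3.
func deriveOTP(cryptogram []byte, digits int) string {
	h := sha256.Sum256(cryptogram)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// readerOTP models the unconnected reader of FIG. 12: it passes the dynamic
// input to the card, receives the full cryptogram and displays only the code.
func readerOTP(cardKey *rsa.PrivateKey, challenge, txData []byte, digits int) (string, error) {
	sig, err := cardSign(cardKey, dynamicInput(challenge, txData))
	if err != nil {
		return "", err
	}
	return deriveOTP(sig, digits), nil
}

func main() {
	cardKey, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the card's personalised key pair
	if err != nil {
		panic(err)
	}
	challenge := []byte("83920174")                          // constructed sample challenge
	tx := []byte("transfer 100.00 EUR to BE68539007547034") // constructed sample transaction
	input := dynamicInput(challenge, tx)
	sig, _ := cardSign(cardKey, input)
	fmt.Printf("full cryptogram: %d bytes, verifies: %v\n", len(sig), verifyFullSignature(&cardKey.PublicKey, input, sig))
	fmt.Printf("first 8 bytes only, verifies: %v\n", verifyFullSignature(&cardKey.PublicKey, input, sig[:8]))
	code, _ := readerOTP(cardKey, challenge, tx, 8)
	fmt.Printf("8-digit transaction MAC shown on the reader: %s\n", code)
}
```

The full 256-byte cryptogram verifies with the public key, any prefix of it does not, and the reader hands the user an 8-digit code that is a deterministic function of the cryptogram and hence of the challenge and transaction data. Validating that code on the server 30 requires the verifier to reproduce the same cryptogram; how the server obtains what it needs for that is not covered by the excerpt on this page, so the example stops at the reader side.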


Abstract

The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In other words a digital connection that would allow an application to submit data to the card for signing by the card's private key and that would allow retrieving the entire resulting signature from the card is not required. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader.

Description

BACKGROUND

[0001] As remote access of computer systems and applications grows in popularity, the number and variety of transactions which are accessed remotely over public networks such as the Internet has increased dramatically. This popularity has underlined a need for security, in particular:

[0002] a. How to ensure that people who are remotely accessing an application are who they claim they are, and how to ensure that the transactions being conducted remotely are initiated by legitimate individuals. This subject is referred to as authentication.

[0003] b. How to ensure that transaction data has not been altered before being received at an application server. This is referred to as data integrity.

[0004] c. How to guarantee that an individual, once having engaged in a transaction, is not in a position to repudiate it. This is referred to as non-repudiation.

[0005] In the past, application providers have relied on static passwords to provide the security for remote applications. In the last couple...


Application Information

Patent Type & Authority: Patents (United States)
IPC(8): H04L29/06; G06F21/00
CPC: G06F21/31; G06F21/34; H04L9/006; H04L9/3228; G06Q20/388; H04L9/3271; G06Q20/3823; H04L9/3242; H04L2209/56; G06F21/33; G06F2221/2103; H04L63/067
Inventors: COULIER, FRANK; HOORNAERT, FRANK
Owner: ONESPAN NORTH AMERICA INC